CISA, FBI & NSA Issue Ransomware Warning Alert

Uploaded on 2021-10-27 in TECHNOLOGY--Resilience, GOVERNMENT-Law Enforcement, FREE TO VIEW

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) published a cyber security advisory regarding increased Conti ransomware attacks. 

The three US federal agencies urge enterprise IT admins to review their organisations' network security posture and implement the immediate actions outlined in the joint advisory to defend against Conti ransomware. This advisory includes technical details on the threat and mitigation steps that public and private sector organisations can take to reduce their risk to this ransomware.

CISA and the FBI have observed over 400 attacks using Conti ransomware against US and international organisations to steal files, encrypt servers and workstations, and demand a ransom payment to return stolen sensitive data. The joint cyber security advisory from CISA, the FBI, and the NSA shares the tactics, techniques, and procedures associated with BlackMatter activity that could help organisations protect against the BlackMatter ransomware gang.

BlackMatter ransomware-as-a-service activity started in July with the clear goal of breaching corporate networks belonging to businesses in the US, Canada, Australia, and the UK with a revenue of at least $100 million. Conti is considered a ransomware-as-a-service (RaaS) model ransomware variant, however there is variation in its structure that differentiates it from a typical affiliate model. 

It is likely that Conti developers pay the users of the ransomware a wage rather than a percentage of the proceeds from a successful attack.

“Americans are routinely experiencing real-world consequences of the ransomware epidemic as malicious cyber actors continue to target large and small businesses, organizations, and governments,” said Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA. “CISA, FBI, and NSA work tirelessly to assess cyber threats and advise our domestic and international partners on how they can reduce the risk and strengthen their own capabilities. We encourage Americans to visit stopransomware.gov to learn how to improve their own cybersecurity to mitigate risk of becoming a victim of ransomware... The FBI, along with our partners at CISA and NSA, is committed to providing resources in an effort to help public and private sector entities protect their systems against ransomware attacks,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division. 

“The cyber criminals now running the Conti ransomware-as-a-service have historically targeted critical infrastructure, such as the Defense Industrial Base (DIB), prior to Conti campaigns, and the advisory highlights actions organisations can take right now to counter the threat,” said Rob Joyce, Director of Cybersecurity at NSA. “NSA works closely with our partners, providing critical intelligence and enabling operations to counter ransomware activities. We highly recommend using the mitigations outlined in this advisory to protect against Conti malware and mitigate your risk against any ransomware attack.”

Using the MITRE ATT&CK common lexicon of adversary behavior, the advisory highlights observed Conti actors’ techniques used to conduct their exploits, such as spearphishing campaigns, remote monitoring and management software, the “PrintNightmare” vulnerability, and remote desktop software. Also, artifacts from a recently leaked threat actor “playbook” identify Internet Protocol (IP) addresses Conti actors have used for their malicious activity. Organisations should read and implement the recommended mitigations and continue to be vigilant against this ongoing ransomware threat.

If an organisation should become a victim of ransomware, CISA, FBI and NSA strongly discourage paying the ransom. Paying a ransom may embolden adversaries to target additional organisations, encourage other criminal actors to engage in the distribution of ransomware, and does not guarantee that a victim’s files will be recovered. 

As a cyber security community, one of the best ways to prevent future ransomware attacks and hold these criminals accountable is for cyber attack victims to report it.

CISA:       US-CERT:     ITPro:      Bleeping Computer:     Cyberscoop

You Might Also Read: 

GCHQ Boss Says Ransomware Attacks Have Doubled In A Year:

 

« Cambridge University Rejects £400m Over Pegasus Hacking
A Short Guide To Ransomware »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Argus Cyber Security

Argus Cyber Security

Argus is the world’s largest automotive cyber security company, protecting connected cars and commercial vehicles from hacking.

NowSecure

NowSecure

NowSecure are the experts in mobile app security testing software and services.

Optiv

Optiv

Optiv is a market-leading provider of end-to-end cyber security solutions. We help clients plan, build and run successful cyber security programs that achieve business objectives.

ubirch

ubirch

The ubirch platform is designed to ensure that IoT data is trustworthy and secure.

Beazley

Beazley

Beazley are a specialist insurer with three decades of experience in providing clients with the highest standards of underwriting and claims service worldwide.

NSW Cyber Security Innovation Node

NSW Cyber Security Innovation Node

NSW Cyber Security Innovation Node is part of a national network designed to foster and accelerate cyber capability and innovation across Australia.

TechStak

TechStak

TechStak is the easiest way for businesses to find and connect with IT Pros and other technology solution providers in their area.

Griffeshield

Griffeshield

Griffeshield is a company specialised in new information technologies used to protect Intellectual Property.

Quintillion Consulting

Quintillion Consulting

Quintillion Consulting is a strategic risk based consulting firm. We help companies safeguard the core business and IT capabilities that deliver competitive advantage.

BT Security

BT Security

BT provides telecommunications and network infrastructure services to keep businesses around the world connected and secure.

BlockAPT

BlockAPT

BlockAPT, empowering you with an advanced, intelligent cyber defence platform. We protect our customers digital assets by unifying operational technologies against advanced persistent threats.

Celcom

Celcom

Celcom is the oldest mobile telecommunications provider in Malaysia, providing solutions and services to consumers and businesses.

Marcum Technology

Marcum Technology

Marcum Technology consultants are focused on helping you reach your company’s full potential by exploring creative ways to integrate tomorrow’s technology into your business today.

Bastion Networks

Bastion Networks

Bastion are a security-focussed managed solution provider and consultancy. We work with advanced cyber security vendors to produce managed security solutions to protect from online threats.

Unit 42

Unit 42

Unit 42 brings together world-renowned threat researchers, incident responders and security consultants to create an intelligence-driven, response-ready organization.

EPIQ Infotech

EPIQ Infotech

EPIQ Infotech is a trusted consulting and implementation partner for Oracle JD Edwards and Amazon Web Services (AWS).